deferred-finding

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Full Analysis
  • SAFE (SAFE): The skill is a legitimate process documentation tool for software development workflows.
  • Prompt Injection: No patterns of prompt injection or safety filter bypasses were found. Strong instructional language like "ABSOLUTE REQUIREMENT" is used contextually to enforce the issue-tracking process.
  • Data Exposure: The skill interacts with GitHub issues using standard tools. No hardcoded credentials or unauthorized access to sensitive local files were detected.
  • Dynamic Execution: The skill includes examples of shell commands (gh issue create). These examples use best practices like single-quoted heredocs ('EOF') to prevent unintended shell expansion and are intended for standard project management tasks.
  • Indirect Prompt Injection (LOW): While the skill ingests finding details which could be untrusted, the use of structured templates and specialized GitHub tools significantly limits the risk of content being interpreted as instructions. As per the security skill guidelines, this ingestion surface is considered a low-severity risk inherent to the skill's primary function.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:13 PM